Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94396 | Third Party Advisory VDB Entry |
https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch Release Notes Vendor Advisory |
http://www.openwall.com/lists/oss-security/2016/11/10/8 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/18/1 | Mailing List Patch Third Party Advisory |
http://www.securityfocus.com/bid/94396 | Third Party Advisory VDB Entry |
https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ | Patch Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2016/11/10/8 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/11/18/1 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/94396 - Third Party Advisory, VDB Entry | |
References | () https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/ - Patch, Release Notes, Vendor Advisory |
Information
Published : 2017-01-31 22:59
Updated : 2024-11-21 03:01
NVD link : CVE-2016-9421
Mitre link : CVE-2016-9421
CVE.ORG link : CVE-2016-9421
JSON object : View
Products Affected
mybb
- mybb
- merge_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')